Chinaunix首页 | 论坛 | 博客
  • 博客访问: 351509
  • 博文数量: 7
  • 博客积分: 3026
  • 博客等级: 中校
  • 技术积分: 590
  • 用 户 组: 普通用户
  • 注册时间: 2005-04-13 20:29
文章分类

全部博文(7)

文章存档

2010年(2)

2009年(2)

2008年(3)

我的朋友

分类: 网络与安全

2008-11-14 15:41:36

1.       Download:

2.       Prepare:

a)         OpenSSL, gcc, libiconv

b)        Group: sshd, User: sshd

c)        PATH: /usr/local/bin, /usr/ccs/bin

3.       Installation:

a)         ./configure

b)        make

c)        make install

4.       Building Chroot environment

a)         Mkdir /sftproot

b)        Cd /sftproot

c)        Mkdir dev

d)        Cd dev

e)         mknod zero c 13 12; mknod null c 13 2

f)         mkdir ../bin; cd ../bin

g)        cp command to bin: cp, ls, mkdir, mv, rm, rmdir, sh, ldd

h)        mkdir /sftproot/usr/lib /sftproot/usr/local/libexec

i)          copy files to usr/lib: ld.so.1, libc.so.1, libdl.so.1, libgen.so.1, libmp.so.2, libnsl.so.1, libsocket.so.1

j)          copy files to usr/local/libexec: sftp-server

k)        try: chroot /sftproot /bin/sh

l)          then check every library file of command/sftp-server and copy it to /lib or /usr/lib:

PATH=/bin;export PATH

ldd /usr/local/libexec/sftp-server

        libresolv.so.2 =>        (file not found)

        libcrypto.so.0.9.8 =>    /usr/lib/libcrypto.so.0.9.8

        librt.so.1 =>    /usr/lib/librt.so.1

        libz.so.1 =>     /usr/lib/libz.so.1  - wrong ELF class: ELFCLASS64

        libsocket.so.1 =>        /usr/lib/libsocket.so.1

        libnsl.so.1 =>   /usr/lib/libnsl.so.1

        libc.so.1 =>     /usr/lib/libc.so.1

        libdl.so.1 =>    /usr/lib/libdl.so.1

        libgcc_s.so.1 =>         /usr/local/lib/libgcc_s.so.1

        libaio.so.1 =>   /usr/lib/libaio.so.1

        libmd.so.1 =>    /lib/libmd.so.1

        libmp.so.2 =>    /lib/libmp.so.2

        libscf.so.1 =>   /lib/libscf.so.1

        libdoor.so.1 =>  /lib/libdoor.so.1

        libuutil.so.1 =>         /lib/libuutil.so.1

        libgen.so.1 =>   /usr/lib/libgen.so.1

        libm.so.2 =>     /lib/libm.so.2

the files in red should copy to correct place just like /sftproot/usr/lib

m)      Test: on a server try:

-bash-3.00$ sftp sftpuser

Connecting to 10.10.10.19...

sftpuser password:

sftp> pwd

Remote working directory: /home/2

sftp> ls

.

..

sftp> exit

-bash-3.00$ sftp

5.       Login without password

SSH support key pair authentication so we can login without password (same user name)

a)         Generate a key pair on your host: private key & public key stored in ~/.ssh

ssh-keygen -t rsa

public key: ~/.ssh/id_rsa.pub

private key: ~/.ssh/id_rsa

b)        Save the public key to the remote host you want login as:

~/.ssh/authorized_keys

 

阅读(2074) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~